There is no time out period, as far as I am aware. This is a very common problem when running on Windows 2000. As I mentioned in a previous post, Snort.Panel fixed this for me, as it will restart snort immediately if the process dies.
-----Original Message-----
From: Steven Garrett [mailto:StevenG at ...5837...]
Sent: Thursday, May 16, 2002 12:04 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] snort exit
Hi all. Is there a defined time-out period for snort? I leave it running when I leave for the evening and by the time I come back in the morning it has exited. All I can see in the logs is that the interface has left promiscuous mode.
Any ideas? All suggestions and helpful comments are greatly appreciated.
Steve
-----Original Message-----
From: Michael Steele [mailto:michaels at ...155...]
Sent: Thursday, May 16, 2002 10:58 AM
To: 'Richard Roy'; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] SNORT newbie looking for some help with Snort on Win2k
Richard,
Sounds like you have the permissions set incorrectly for the CGI folder. Make sure that the IUSER has full access to the folder. If you need some guidance then you can go to our site, there you will find a complete walk through for Windows and either Snortsnarf or for Acid as your viewer. Let me know how things go.
Michael Steele | Support Technician
mailto:michaels at ...155...
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org
-----Original Message-----
From: Richard Roy [mailto:royr at ...5882...]
Sent: May 16, 2002 7:16 AM
To: 'Michael Steele'
Subject: RE: [Snort-users] SNORT newbie looking for some help with Snort on Win2k
I've definitely got it logging now, without IDS center. I have it logging to MySQL (there were 15 events at last check) but now I can not get ACID to work at all. I get a CGI error that "The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are" But that is it, no headers are there. It is supposed to be using PHP and the .cgi is mapped the same as .php which didn't help. Any thoughts?
[Rich Roy]
-----Original Message-----
From: Michael Steele [mailto:michaels at ...155...]
Sent: Wednesday, May 15, 2002 5:29 PM
To: 'Richard Roy'
Subject: RE: [Snort-users] SNORT newbie looking for some help with Snort on Win2k
Richard,
If you are not sure you're logging, you can place this rule in your local.rules file and activate the local.rules file in the snort.conf file. Now generate some traffic with your browser and you should see your log file grow.
alert tcp any any <> any any (msg:"alert-local test";)
Michael Steele | Support Technician
mailto:michaels at ...155...
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org
-----Original Message-----
From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at ...3204...ts.sourceforge.net] On Behalf Of Richard Roy
Sent: Wednesday, May 15, 2002 7:50 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] SNORT newbie looking for some help with Snort on Win2k
I set up SNORT using IDSCentre and tested the config using the applet. I received no error messages, the SNORT window is minimized and things appear to work, yet there are no alerts, no log entries, nothing. I know we are under hits all the time, my firewall reports blocking them.
Setup:
W2K Pro p3 733. On a hub with router and firewall external interface. I have 64 public IPs and I'd like to scan the range if possible. I am including the following.